unbound-1.16.2-8.el9_5.1
エラータID: AXSA:2024-9491:08
リリース日:
2024/12/25 Wednesday - 11:13
題名:
unbound-1.16.2-8.el9_5.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Unbound には、非常に大きなリソースレコードセット (RRset)
を含み、名前の圧縮処理が必要となる応答メッセージを処理する
際に、意図しない CPU リソースを消費してしまう問題があるため、
リモートの攻撃者により、細工されたリクエストの送信を介して、
サービス拒否攻撃 (CPU リソースの枯渇) を可能とする脆弱性が
存在します。(CVE-2024-8508)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-8508
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.
追加情報:
N/A
ダウンロード:
SRPMS
- unbound-1.16.2-8.el9_5.1.src.rpm
MD5: 33143ff9cddaf30ac729a62095049da4
SHA-256: 077a6b52bc9e887d3678afa83c707c870aed19b4c213b767ed76e9d36d9d2634
Size: 6.00 MB
Asianux Server 9 for x86_64
- python3-unbound-1.16.2-8.el9_5.1.x86_64.rpm
MD5: 6909db0525559f92a72c19822476f739
SHA-256: 3475d8237c74d902dcd972692c0e42c77e94e9bdc28504d6070ef73e38178639
Size: 104.32 kB - unbound-1.16.2-8.el9_5.1.x86_64.rpm
MD5: 545cfb166592da43ca0884bc5cd67c84
SHA-256: 62e14a617c4e54c2411d78f08ecfd39a8fe10c6868a801a9097bdfee52855247
Size: 966.77 kB - unbound-devel-1.16.2-8.el9_5.1.i686.rpm
MD5: 7440502863b9243322cd4f0a292086b6
SHA-256: 2ba41933feec13a896c62d93ddcc9b9e7c732dcea3fe7fb7e50115088c886746
Size: 37.29 kB - unbound-devel-1.16.2-8.el9_5.1.x86_64.rpm
MD5: be0ea0284b032c6cdfcabf5b359cc112
SHA-256: 3c1de33c81506a62d565682888b2d1c2c06c60fd2fa73db5ff7722d11128c2ac
Size: 37.31 kB - unbound-libs-1.16.2-8.el9_5.1.i686.rpm
MD5: ff373b34f2f34ee92f7aabbe1141ac82
SHA-256: 5da83c55bde2e33bfc2ba0f3bc0b9f04815db84726cd193db521505d93e3925c
Size: 572.91 kB - unbound-libs-1.16.2-8.el9_5.1.x86_64.rpm
MD5: 0158ca300dd14a1e4aed5b88ce34a2c7
SHA-256: 011e6fe0505b9d0be5ac903799fb9fa4a7d9875b7052971dd4acf33551ee96a6
Size: 546.89 kB
English